CVSS: 7.5EPSS: 5%CPEs: 92EXPL: 0CVE-2013-4537
https://notcve.org/view.php?id=CVE-2013-4537
The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. La función ssi_sd_transfer en hw/sd/ssi-sd.c en QEMU anterior a 1.7.2 permite a atacantes remotos ejecutar código arbitrario a través de un valor arglen manipulado en un imagen savevm. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a9c380db3b8c6af19546a68145c8d1438a09c92b http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.6EPSS: 0%CPEs: 93EXPL: 1CVE-2014-0223 – Qemu: qcow1: validate image size to avoid out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2014-0223
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. Desbordamiento de enteros en la función qcow_open en block/qcow.c en QEMU anterior a 1.7.2 permite a usuarios locales causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un tamaño grande de imagen, lo que provoca un desbordamiento de buffer o una lectura fuera de rango. An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html http://www.debian.org/security/2014/dsa-3044 http://www.securityfocus.com/bid/67391 https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html https://access.redhat.com/security/cve/CVE-2014-0223 https://bugzilla.redhat.com/show_bug.cgi?id=1097222 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 6%CPEs: 92EXPL: 0CVE-2013-4529 – qemu: hw/pci/pcie_aer.c: buffer overrun on invalid state load
https://notcve.org/view.php?id=CVE-2013-4529
Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. Desbordamiento de buffer en hw/pci/pcie_aer.c en QEMU anterior a 1.7.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario a través de un valor log_num grande en un imagen savevm. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0927.html https://access.redhat.com/security/cve/CVE-2013-4529 https://bugzilla.redhat.com/show_bug.cgi?id=1066353 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 93EXPL: 1CVE-2014-0222 – Qemu: qcow1: validate L2 table size to avoid integer overflows
https://notcve.org/view.php?id=CVE-2014-0222
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. Desbordamiento de enteros en la función qcow_open en block/qcow.c en QEMU anterior a 1.7.2 permite a atacantes remotos causara una denegación de servicio (caída) a través de una tabla L2 grande en un imagen QCOW versión 1. An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html http://www.debian.org/security/2014/dsa-3044 http://www.securityfocus.com/bid/67357 https://lists.gnu.org/archive/html/qemu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 6%CPEs: 92EXPL: 0CVE-2013-4527 – qemu: hpet: buffer overrun on invalid state load
https://notcve.org/view.php?id=CVE-2013-4527
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. Desbordamiento de buffer en hw/timer/hpet.c en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con el número de temporizadores. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3f1c49e2136fa08ab1ef3183fd55def308829584 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0927.html https://access.redhat.com/security/cve/CVE-2013-4527 https://bugzilla.redhat.com/show_bug.cgi?id=1066347 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •